draft-ietf-tram-stun-pmtud-02.txt   draft-ietf-tram-stun-pmtud-03.txt 
TRAM M. Petit-Huguenin TRAM M. Petit-Huguenin
Internet-Draft Impedance Mismatch Internet-Draft Impedance Mismatch
Intended status: Standards Track G. Salgueiro Intended status: Standards Track G. Salgueiro
Expires: January 26, 2017 Cisco Expires: April 30, 2017 Cisco
July 25, 2016 October 27, 2016
Path MTU Discovery Using Session Traversal Utilities for NAT (STUN) Path MTU Discovery Using Session Traversal Utilities for NAT (STUN)
draft-ietf-tram-stun-pmtud-02 draft-ietf-tram-stun-pmtud-03
Abstract Abstract
This document describes a Session Traversal Utilities for NAT (STUN) This document describes a Session Traversal Utilities for NAT (STUN)
usage for Path MTU Discovery (PMTUD) between a client and a server. Usage for Path MTU Discovery (PMTUD) between a client and a server.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 26, 2017. This Internet-Draft will expire on April 30, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Overview of Operations . . . . . . . . . . . . . . . . . . . 3
3. Probing Mechanisms . . . . . . . . . . . . . . . . . . . . . 3 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Simple Probing Mechanism . . . . . . . . . . . . . . . . . . 4 4. Probing Mechanisms . . . . . . . . . . . . . . . . . . . . . 5
4.1. Sending a Probe Request . . . . . . . . . . . . . . . . . 4 4.1. Simple Probing Mechanism . . . . . . . . . . . . . . . . 6
4.2. Receiving a Probe Request . . . . . . . . . . . . . . . . 4 4.1.1. Sending a Probe Request . . . . . . . . . . . . . . . 6
4.3. Receiving a Probe Response . . . . . . . . . . . . . . . 5 4.1.2. Receiving a Probe Request . . . . . . . . . . . . . . 6
5. Complete Probing Mechanism . . . . . . . . . . . . . . . . . 5 4.1.3. Receiving a Probe Response . . . . . . . . . . . . . 7
5.1. Sending the Probe Indications and Report Request . . . . 5 4.2. Complete Probing Mechanism . . . . . . . . . . . . . . . 7
5.2. Receiving an ICMP packet . . . . . . . . . . . . . . . . 5 4.2.1. Sending the Probe Indications and Report Request . . 7
5.3. Receiving a Probe Indication and Report Request . . . . . 5 4.2.2. Receiving an ICMP Packet . . . . . . . . . . . . . . 7
5.4. Receiving a Report Response . . . . . . . . . . . . . . . 6 4.2.3. Receiving a Probe Indication and Report Request . . . 7
5.5. Using Checksum as Packet Identifiers . . . . . . . . . . 6 4.2.4. Receiving a Report Response . . . . . . . . . . . . . 8
5.6. Using Sequential Numbers as Packet Identifiers . . . . . 6 4.2.5. Using Checksums as Packet Identifiers . . . . . . . . 8
6. Probe Support Discovery Mechanisms . . . . . . . . . . . . . 7 4.2.6. Using Sequence Numbers as Packet Identifiers . . . . 9
6.1. Implicit Mechanism . . . . . . . . . . . . . . . . . . . 7 5. Probe Support Signaling Mechanisms . . . . . . . . . . . . . 9
6.2. Probe Support Discovery with TURN . . . . . . . . . . . . 7 5.1. Explicit Probe Support Signaling Mechanism . . . . . . . 9
6.3. Probe Support Discovery with ICE . . . . . . . . . . . . 7 5.2. Implicit Probe Support Signaling Mechanism . . . . . . . 10
7. Security Considerations . . . . . . . . . . . . . . . . . . . 8 6. STUN Attributes . . . . . . . . . . . . . . . . . . . . . . . 10
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 6.1. IDENTIFIERS . . . . . . . . . . . . . . . . . . . . . . . 10
8.1. New STUN Methods . . . . . . . . . . . . . . . . . . . . 8 6.2. PMTUD-SUPPORTED . . . . . . . . . . . . . . . . . . . . . 10
8.2. New STUN Attributes . . . . . . . . . . . . . . . . . . . 8 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 8.1. New STUN Methods . . . . . . . . . . . . . . . . . . . . 11
10.1. Normative References . . . . . . . . . . . . . . . . . . 9 8.2. New STUN Attributes . . . . . . . . . . . . . . . . . . . 11
10.2. Informative References . . . . . . . . . . . . . . . . . 9 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11
Appendix A. Release Notes . . . . . . . . . . . . . . . . . . . 9 9.1. Normative References . . . . . . . . . . . . . . . . . . 11
A.1. Modifications between draft-ietf-tram-stun-pmtud-02 and 9.2. Informative References . . . . . . . . . . . . . . . . . 12
draft-ietf-tram-stun-pmtud-01 . . . . . . . . . . . . . . 10 Appendix A. Release Notes . . . . . . . . . . . . . . . . . . . 12
A.2. Modifications between draft-ietf-tram-stun-pmtud-01 and A.1. Modifications between draft-ietf-tram-stun-pmtud-03 and
draft-ietf-tram-stun-pmtud-00 . . . . . . . . . . . . . . 10 draft-ietf-tram-stun-pmtud-02 . . . . . . . . . . . . . . 12
A.3. Modifications between draft-ietf-tram-stun-pmtud-00 and A.2. Modifications between draft-ietf-tram-stun-pmtud-02 and
draft-petithuguenin-tram-stun-pmtud-01 . . . . . . . . . 10 draft-ietf-tram-stun-pmtud-01 . . . . . . . . . . . . . . 13
A.4. Modifications between draft-petithuguenin-tram-stun- A.3. Modifications between draft-ietf-tram-stun-pmtud-01 and
pmtud-01 and draft-petithuguenin-tram-stun-pmtud-00 . . . 10 draft-ietf-tram-stun-pmtud-00 . . . . . . . . . . . . . . 13
A.4. Modifications between draft-ietf-tram-stun-pmtud-00 and
draft-petithuguenin-tram-stun-pmtud-01 . . . . . . . . . 13
A.5. Modifications between draft-petithuguenin-tram-stun- A.5. Modifications between draft-petithuguenin-tram-stun-
pmtud-00 and draft-petithuguenin-behave-stun-pmtud-03 . . 10 pmtud-01 and draft-petithuguenin-tram-stun-pmtud-00 . . . 13
A.6. Modifications between draft-petithuguenin-behave-stun- A.6. Modifications between draft-petithuguenin-tram-stun-
pmtud-03 and draft-petithuguenin-behave-stun-pmtud-02 . . 10 pmtud-00 and draft-petithuguenin-behave-stun-pmtud-03 . . 14
A.7. Modifications between draft-petithuguenin-behave-stun- A.7. Modifications between draft-petithuguenin-behave-stun-
pmtud-02 and draft-petithuguenin-behave-stun-pmtud-01 . . 10 pmtud-03 and draft-petithuguenin-behave-stun-pmtud-02 . . 14
A.8. Modifications between draft-petithuguenin-behave-stun- A.8. Modifications between draft-petithuguenin-behave-stun-
pmtud-01 and draft-petithuguenin-behave-stun-pmtud-00 . . 11 pmtud-02 and draft-petithuguenin-behave-stun-pmtud-01 . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 A.9. Modifications between draft-petithuguenin-behave-stun-
pmtud-01 and draft-petithuguenin-behave-stun-pmtud-00 . . 14
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15
1. Introduction 1. Introduction
The Packetization Layer Path MTU Discovery specification [RFC4821] The Packetization Layer Path MTU Discovery (PMTUD) specification
describes a method to discover the path MTU but does not describe a [RFC4821] describes a method to discover the Path MTU but does not
practical protocol to do so with UDP. describe a practical protocol to do so with UDP.
This document only describes how probing mechanisms are implemented This document only describes how probing mechanisms are implemented
with Session Traversal Utilities for NAT (STUN). The algorithm to with Session Traversal Utilities for NAT (STUN). The algorithm to
find the path MTU is described in [RFC4821]. find the Path MTU is described in [RFC4821].
The STUN usage defined in this document for Path MTU Discovery The STUN usage defined in this document for Path MTU Discovery
(PMTUD) between a client and a server simplifies troubleshooting and (PMTUD) between a client and a server permits proper operations of
has multiple applications across a wide variety of technologies. UDP-based applications in the network. It also simplifies
troubleshooting and has multiple other applications across a wide
variety of technologies.
Additional network characteristics like the network path (using the Additional network characteristics like the network path (using the
STUN Traceroute mechanism described in STUN Traceroute mechanism described in
[I-D.martinsen-tram-stuntrace]) and bandwidth availability (using the [I-D.martinsen-tram-stuntrace]) and bandwidth availability (using the
mechanism described in [I-D.martinsen-tram-turnbandwidthprobe]) can mechanism described in [I-D.martinsen-tram-turnbandwidthprobe]) can
be discovered using complementary techniques. be discovered using complementary techniques.
2. Terminology 2. Overview of Operations
This section is meant to be informative only. It is not intended as
a replacement for [RFC4821].
A UDP endpoint that uses this specification to discover the Path MTU
over UDP and knows that the endpoint it is communicating with also
supports this specification can choose to use either the Simple
Probing mechanism (as described in Section 4.1) or the Complete
Probing mechanism (as described in Section 4.2). The selection of
which Probing Mechanism to use is dependent on performance and
security and complexity trade-offs.
If the Simple Probing mechanism is chosen, then it initiates Probe
transactions, as shown in Figure 1, which increase in size until
transactions timeout, indicating that the Path MTU has been exceeded.
It then uses that information to update the Path MTU.
Client Server
| |
| Probe Request |
|---------------->|
| |
| Probe Response |
|<----------------|
| |
Figure 1: Simple Probing Example
If the Complete Probing mechanism (as described in Section 4.2) is
chosen, then it sends Probe Indications of various sizes interleaved
with UDP packets sent by the UDP protocol. The Client then sends a
Report Request for the ordered list of identifiers for the UDP
packets and Probe Indications received by the Server. The Client
then compares the list returned in the Report Response with its own
list of identifiers for the UDP packets and Probe Indications it
sent. The Client then uses that comparison to find which Probe
Indications were dropped by the network as a result of their size.
It then uses that information to update the Path MTU.
Client Server
| UDP Packet |
|------------------>|
| |
| UDP Packet |
|------------------>|
| |
| Probe Indication |
|------------------>|
| |
| UDP Packet |
|------------------>|
| |
| Probe Indication |
|------------------>|
| |
| Report Request |
|------------------>|
| Report Response |
|<------------------|
| |
Figure 2: Complete Probing Example
3. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. When these document are to be interpreted as described in [RFC2119]. When these
words are not in ALL CAPS (such as "must" or "Must"), they have their words are not in ALL CAPS (such as "must" or "Must"), they have their
usual English meanings, and are not to be interpreted as RFC 2119 key usual English meanings, and are not to be interpreted as RFC 2119 key
words. words.
3. Probing Mechanisms 4. Probing Mechanisms
A client MUST NOT send a probe if it does not have knowledge that the A client MUST NOT send a probe if it does not have knowledge that the
server supports this specification. This is done by an external server supports this specification. This is done either by external
mechanism specific to each UDP protocol. Section 6 describes some of signalling or by a mechanism specific to the UDP protocol to which
this mechanisms. PMTUD capabilities are added or by one of the mechanisms specified in
Section 5.
The probe mechanism is used to discover the path MTU in one direction The Probing mechanism is used to discover the Path MTU in one
only, from the client to the server. direction only, from the client to the server.
Two probing mechanisms are described, a simple probing mechanism and Two Probing mechanisms are described, a Simple Probing mechanism and
a more complete mechanism that can converge quicker. a more complete mechanism that can converge quicker and find an
appropriate PMTU in the presence of congestion. Additionally, the
Simple Probing mechanism does not require authentication, whereas the
complete mechanism does.
The simple probing mechanism is implemented by sending a Probe Implementations supporting this specification MUST implement the
server side of both the Simple Probing mechanism (Section 4.1) and
the Complete Probing mechanism (Section 4.2).
Implementations supporting this specification MUST implement the
client side of the Complete Probing mechanism. They MAY implement
the client side of the Simple Probing mechanism.
The Simple Probing mechanism is implemented by sending a Probe
Request with a PADDING [RFC5780] attribute and the DF bit set over Request with a PADDING [RFC5780] attribute and the DF bit set over
UDP. A router on the path to the server can reject this request with UDP. A router on the path to the server can reject this request with
an ICMP message or drop it. The client SHOULD cease retransmissions an ICMP message or drop it. The client SHOULD cease retransmissions
after 3 missing responses. after 3 missing responses.
The complete probing mechanism is implemented by sending one or more The Complete Probing mechanism is implemented by sending one or more
Probe Indication with a PADDING attribute and the DF bit set over UDP Probe Indications with a PADDING attribute and the DF bit set over
then a Report Request to the same server. A router on the path to UDP followed by a Report Request to the same server. A router on the
the server can reject this indication with an ICMP message or drop path to the server can reject this Indication with an ICMP message or
it. The server keeps a time ordered list of identifiers of all drop it. The server keeps a chronologically ordered list of
packets received (including retransmitted packets) and sends this identifiers for all packets received (including retransmitted
list back to the client in the Report Response. The client analyzes packets) and sends this list back to the client in the Report
this list to find which packets were not received. Because UDP Response. The client analyzes this list to find which packets were
packets does not contain an identifier, the complete probing not received. Because UDP packets do not contain an identifier, the
mechanism needs a way to identify each packet received. While there Complete Probing mechanism needs a way to identify each packet
are other possible packet identification schemes, this document received.
describes two different ways to identify a specific packet.
In the first packet identifier mechanism, the server computes a Some protocols may already have a way of identifying each individual
UDP packet, in which case these identifiers SHOULD be used in the
IDENTIFIERS attribute of the Report Response. While there are other
possible packet identification schemes, this document describes two
different ways to identify a specific packet.
In the first packet identification mechanism, the server computes a
checksum over each packet received and sends back to the sender the checksum over each packet received and sends back to the sender the
ordered list of checksums. The client compares this list to its own list of checksums ordered chronologically. The client compares this
list of checksums. list to its own list of checksums.
In the second packet identifier mechanism, the client adds a In the second packet identification mechanism, the client adds a
sequential number in front of each UDP packet sent. The server sends sequence number in front of each UDP packet sent. The server sends
back the ordered list of sequential numbers received that the client back the chronologically ordered list of sequence numbers received
compares to its own list that the client then compares with its own list.
4. Simple Probing Mechanism 4.1. Simple Probing Mechanism
4.1. Sending a Probe Request 4.1.1. Sending a Probe Request
A client forms a Probe Request by following the rules in Section 7.1 A client forms a Probe Request by following the rules in Section 7.1
of [RFC5389]. No authentication method is used. The client adds a of [RFC5389]. The Probe transaction MAY be authenticated. The
PADDING [RFC5780] attribute with a length that, when added to the IP client adds a PADDING [RFC5780] attribute with a length that, when
and UDP headers and the other STUN components, is equal to the added to the IP and UDP headers and the other STUN components, is
Selected Probe Size, as defined in [RFC4821] section 7.3. The client equal to the Selected Probe Size, as defined in [RFC4821]
MUST add the FINGERPRINT attribute. Section 7.3. The client MUST add the FINGERPRINT attribute.
Then the client sends the Probe Request to the server over UDP with Then the client sends the Probe Request to the server over UDP with
the DF bit set. The client SHOULD stop retransmitting after 3 the DF bit set. For the purpose of this transaction, the Rc
missing responses. parameter specified in Section 7.2.1 of [RFC5389] is set to 3. The
initial value for RTO stays at 500 ms.
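Review bot: The retransmission limit in 4.1.1 is now stated as "the Rc parameter specified in Section 7.2.1 of [RFC5389] is set to 3", while the summary paragraph in Section 4 still reads "The client SHOULD cease retransmissions after 3 missing responses", so one limit is given with two different normative strengths. Suggest keeping the Rc wording here as the single normative statement and turning the Section 4 sentence into a non-normative pointer to it.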
4.2. Receiving a Probe Request 4.1.2. Receiving a Probe Request
A server receiving a Probe Request MUST process it as specified in A server receiving a Probe Request MUST process it as specified in
[RFC5389]. The server MUST NOT challenge the client. [RFC5389].
The server then creates a Probe Response. The server MUST add the The server then creates a Probe Response. The server MUST add the
FINGERPRINT attribute. The server then sends the response to the FINGERPRINT attribute. The server then sends the response to the
client. client.
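Review bot: Dropping "The server MUST NOT challenge the client" in 4.1.2, combined with "The Probe transaction MAY be authenticated" in 4.1.1, leaves the server's handling of an unauthenticated Probe Request undefined. Section 5.2 requires that a Probe Request used for implicit signaling MUST be authenticated, so this paragraph should state whether the server still answers an unauthenticated Probe Request and that such a request must not be taken as a signal to start probing in the reverse direction.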
4.3. Receiving a Probe Response 4.1.3. Receiving a Probe Response
A client receiving a Probe Response MUST process it as specified in A client receiving a Probe Response MUST process it as specified in
[RFC5389]. If a response is received this is interpreted as a Probe [RFC5389]. If a response is received this is interpreted as a Probe
Success as defined in [RFC4821] section 7.6.1. If an ICMP packet Success, as defined in [RFC4821] Section 7.6.1. If an ICMP packet
"Fragmentation needed" is received then this is interpreted as a "Fragmentation needed" is received then this is interpreted as a
Probe Failure as defined in [RFC4821] section 7.6.2. If the Probe Probe Failure, as defined in [RFC4821] Section 7.6.2. If the Probe
transactions fails in timeout, then this is interpreted as a Probe transactions times out, then this is interpreted as a Probe
Inconclusive as defined in [RFC4821] section 7.6.4. Inconclusive, as defined in [RFC4821] Section 7.6.4.
5. Complete Probing Mechanism 4.2. Complete Probing Mechanism
5.1. Sending the Probe Indications and Report Request 4.2.1. Sending the Probe Indications and Report Request
A client forms a Probe Indication by following the rules in [RFC5389] A client forms a Probe Indication by following the rules in [RFC5389]
section 7.1. The client adds to the Probe Indication a PADDING Section 7.1. The client adds to the Probe Indication a PADDING
attribute with a size that, when added to the IP and UDP headers and attribute with a size that, when added to the IP and UDP headers and
the other STUN components, is equal to the Selected Probe Size, as the other STUN components, is equal to the Selected Probe Size, as
defined in [RFC4821] section 7.3. The client MUST add the defined in [RFC4821] Section 7.3. If the authentication mechanism
FINGERPRINT attribute. permits it, then the Indication MUST be authenticated. The client
MUST add the FINGERPRINT attribute.
Then the client sends the Probe Indication to the server over UDP Then the client sends the Probe Indication to the server over UDP
with the DF bit set. with the DF bit set.
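Review bot: The new sentence in 4.2.1, "If the authentication mechanism permits it, then the Indication MUST be authenticated", is a conditional MUST with no stated behaviour for the other branch. Section 5.2 says an Indication used for implicit signaling MUST be authenticated without any such condition. Suggest stating what a receiver does with an unauthenticated Probe Indication (for example, record its identifier but never treat it as a probing-support signal) so the two sections agree.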
Then the client forms a Report Request by following the rules in Then the client forms a Report Request by following the rules in
[RFC5389] section 7.1. No authentication method is used. The client [RFC5389] Section 7.1. The Report transaction MUST be authenticated.
MUST add the FINGERPRINT attribute. The client MUST add the FINGERPRINT attribute.
Then the client waits half the RTO if it is known or 50 milliseconds Then the client waits half the RTO, if it is known, or 250 ms after
after sending the Probe Indication and sends the Report Request to sending the last Probe Indication and then sends the Report Request
the server over UDP. to the server over UDP.
5.2. Receiving an ICMP packet 4.2.2. Receiving an ICMP Packet
If an ICMP packet "Fragmentation needed" is received then this is If an ICMP packet "Fragmentation needed" is received then this is
interpreted as a Probe Failure as defined in [RFC4821] section 7.5. interpreted as a Probe Failure, as defined in [RFC4821] Section 7.5.
5.3. Receiving a Probe Indication and Report Request 4.2.3. Receiving a Probe Indication and Report Request
A server supporting this specification and knowing that the client A server supporting this specification will keep the identifiers of
also supports it will keep the identifiers of all packets received in all packets received in a chronologically ordered list. The same
a list ordered by receiving time. The same identifier can appear identifier can appear multiple times in the list because of
multiple times in the list because of retransmission. The maximum retransmissions. The maximum size of this list is calculated such
size of this list is calculated so that when the list is added to the that when the list is added to the Report Response, the total size of
Report Response, the total size of the packet does not exceed the the packet does not exceed the unknown Path MTU, as defined in
unknown path MTU as defined in [RFC5389] section 7.1. Older [RFC5389] Section 7.1. Older identifiers are removed when new
identifiers are removed when new identifiers are added to a list identifiers are added to a list that is already full.
already full.
A server receiving a Report Request MUST process it as specified in A server receiving a Report Request MUST process it as specified in
[RFC5389]. The server MUST NOT challenge the client. [RFC5389].
The server creates a Report Response and adds an IDENTIFIERS The server creates a Report Response and adds an IDENTIFIERS
attribute that contains the list of all identifiers received so far. attribute that contains the list of all identifiers received so far.
The server MUST add the FINGERPRINT attribute. The server then sends The server MUST add the FINGERPRINT attribute. The server then sends
the response to the client. the response to the client.
5.4. Receiving a Report Response The exact content of the IDENTIFIERS attribute depends on what type
of identifiers have been chosen for the protocol. Each protocol
adding PMTUD capabilities as specified by this specification MUST
describe the format of the contents of the IDENTIFIERS attribute,
unless it is using one of the formats described in this
specification.
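Review bot: With "and knowing that the client also supports it" removed from the first paragraph of 4.2.3, the server now records identifiers for every packet it receives, and the text never says whether the list is kept per client transport address or shared. A shared list lets one sender evict another sender's identifiers ("Older identifiers are removed when new identifiers are added to a list that is already full"), which would turn that client's probes into false failures. Suggest stating that the list is maintained per source transport address and that the Report Response only contains identifiers from the requester's own list.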
4.2.4. Receiving a Report Response
A client receiving a Report Response processes it as specified in A client receiving a Report Response processes it as specified in
[RFC5389]. If the response IDENTIFIERS attribute contains the [RFC5389]. If the response IDENTIFIERS attribute contains the
identifier of the Probe Indication, then this is interpreted as a identifier of the Probe Indication, then this is interpreted as a
Probe Success for this probe as defined in [RFC4821] Section 7.5. If Probe Success for this probe, as defined in [RFC4821] Section 7.5.
the Probe Indication identifier cannot be found in the Report If the Probe Indication identifier cannot be found in the Report
Response, this is interpreted as a Probe Failure as defined in Response, this is interpreted as a Probe Failure, as defined in
[RFC4821] Section 7.5. If the Probe Indication identifier cannot be [RFC4821] Section 7.5. If the Probe Indication identifier cannot be
found in the Report Response but other packets identifier sent before found in the Report Response but identifiers for other packets sent
or after the Probe Indication cannot also be found, this is before or after the Probe Indication cannot also be found, this is
interpreted as a Probe Inconclusive as defined in [RFC4821] interpreted as a Probe Inconclusive, as defined in [RFC4821]
Section 7.5. If the Report Transaction fails in timeout, this is Section 7.5. If the Report Transaction times out, this is
interpreted as a Full-Stop Timeout as defined in [RFC4821] Section 3. interpreted as a Full-Stop Timeout, as defined in [RFC4821]
Section 3.
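Review bot: The Probe Failure and Probe Inconclusive conditions in 4.2.4 overlap: both begin with "the Probe Indication identifier cannot be found in the Report Response", and only the second adds the condition about neighbouring packets. The Failure case should say explicitly that identifiers for packets sent before and after the Probe Indication are present. The paragraph should also cover the case where the identifier is absent because the server's bounded list in 4.2.3 has already dropped it, which is not evidence about the Path MTU.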
5.5. Using Checksum as Packet Identifiers 4.2.5. Using Checksums as Packet Identifiers
When using checksum as packet identifiers, the client calculate the When using a checksum as a packet identifier, the client calculates
checksum for each packet sent over UDP and keep this checksum in an the checksum for each packet sent over UDP and keeps this checksum in
ordered list. The server does the same thing and send back this list an ordered list. The server does the same thing and sends back this
in the Report Response. list in the Report Response.
The algorithm used to calculate the checksum is the same as the
algorithm used for the FINGERPRINT attribute. The contents of the
IDENTIFIERS attribute is a list of 4 byte numbers, each using the
same encoding that is used for the contents of the FINGERPRINT
attribute.
It could have been possible to use the checksum generated in the UDP It could have been possible to use the checksum generated in the UDP
checksum for this, but this value is generally not accessible to checksum for this, but this value is generally not accessible to
applications. Also sometimes the checksum is not calculated or off- applications. Also, sometimes the checksum is not calculated or is
loaded to the network card. off-loaded to network hardware.
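Review bot: The added paragraph in 4.2.5 says the checksum algorithm "is the same as the algorithm used for the FINGERPRINT attribute" but does not say which bytes are covered. FINGERPRINT in [RFC5389] is defined over a STUN message, whereas here the checksum must also be computed over non-STUN UDP packets and over Probe Indications that already carry a FINGERPRINT. Suggest specifying the input (for instance, the whole UDP payload) and noting that two distinct packets with identical payloads yield the same identifier, so the client cannot tell them apart from a retransmission.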
5.6. Using Sequential Numbers as Packet Identifiers 4.2.6. Using Sequence Numbers as Packet Identifiers
When using sequential numbers, a small header similar to the TURN When using sequence numbers, a small header similar to the TURN
ChannelData header is added in front of all non-STUN packets. The ChannelData header is added in front of all non-STUN packets. The
sequential number is incremented for each packet sent. The server sequence number is monotonically incremented by one for each packet
collects the sequence number of the packets sent. sent. The server collects the sequence number of the packets sent.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Channel Number | Length | | Channel Number | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence number | | Sequence number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
/ Application Data / / Application Data /
/ / / /
| | | |
| +-------------------------------+ | +-------------------------------+
| | | |
+-------------------------------+ +-------------------------------+
The Channel Number is always 0xFFFF. The Channel Number is always 0xFFFF. The header values are encoded
using network order.
6. Probe Support Discovery Mechanisms The contents of the IDENTIFIERS attribute is a list of 4 byte
numbers, each containing a sequence number encoded using network
order.
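Review bot: In 4.2.6 the sentence "The server collects the sequence number of the packets sent" should read "received", since the server is the receiver in this exchange. The header description is also incomplete: the text does not say whether Length counts the 4-byte Sequence number field or only the Application Data, nor what happens when the 32-bit sequence number wraps or what value it starts from. A receiver needs all three to parse the header and to compare the lists consistently.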
6.1. Implicit Mechanism 5. Probe Support Signaling Mechanisms
An endpoint acting as a client for the STUN usage described in this The PMTUD mechanism described in this document is intended to be used
specification MUST also act as a server for this STUN usage. This by any UDP-based protocols that do not have built-in PMTUD
means that a server receiving a probe can assumes that it can acts as capabilities, irrespective of whether those UDP-based protocols are
a client to discover the path MTU to the IP address and port from STUN-based or not. So the manner in which a specific protocol
which it received the probe. discovers that it is safe to send PMTUD probes is largely dependent
on the details of that specific protocol, with the exception of the
Implicit Mechanism described below, which applies to any protocol.
6.2. Probe Support Discovery with TURN 5.1. Explicit Probe Support Signaling Mechanism
A TURN client supporting this STUN usage will add a PMTUD-SUPPORTED Some of these mechanisms can use a separate signalling mechanism (for
attribute to the Allocate Request sent to the TURN server. The TURN instance, an SDP attribute in an Offer/Answer exchange [RFC3264]), or
server can immediately start to send probes to the TURN client on an optional flag that can be set in the protocol that is augmented
reception of an Allocation Request with a PMTUD-SUPPORTED attribute. with PMTUD capabilities. STUN Usages that can benefit from PMTUD
The TURN client will then use the Implicit Mechanism described above capabilities can signal in-band that they support probing by
to send probes. inserting a PMTUD-SUPPORTED attribute in some STUN methods. The
decision of which methods support this attribute is left to each
specific STUN Usage.
6.3. Probe Support Discovery with ICE UDP-based protocols that want to use any of these mechanisms,
including the PMTUD-SUPPORTED attribute, to signal PMTUD capabilities
MUST ensure that it cannot be used to launch an amplification attack.
For example, using authentication can ensure this.
An ICE [RFC5245] client supporting this STUN usage will add a PMTUD- 5.2. Implicit Probe Support Signaling Mechanism
SUPPORTED attribute to the Binding Request sent during a connectivity
check. The ICE server can immediately start to send probes to the As a result of the fact that all endpoints implementing this
ICE client on reception of a Binding Request with a PMTUD-SUPPORTED specification are both clients and servers, a Probe Request or
attributed. Local candidates receiving Binding Request with the Indication received by an endpoint implicitly signals that its sender
PMTUD-SUPPORTED flag must not start PMTUD with the remote candidate MAY be used to probe the Path MTU in the reverse direction.
if already done so. The ICE client will then use the Implicit
Mechanism described above to send probes. The Probe Request or Indication that are used to implicitly signal
probing support in the reverse direction MUST be authenticated to
prevent amplification attacks.
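Review bot: in the new Section 5.2, "implicitly signals that its sender MAY be used to probe the Path MTU in the reverse direction" attaches the RFC 2119 keyword to the wrong party. The permission belongs to the endpoint that received the probe, so wording such as "the receiving endpoint MAY probe the Path MTU toward the sender" would be clearer. The 5.1 requirement ("MUST ensure that it cannot be used to launch an amplification attack") and the 5.2 requirement ("MUST be authenticated") each state an outcome, but the text shown here does not say what a receiver does with an unauthenticated signal or probe (for example, process it but not treat it as permission to probe back). Stating that would make the anti-amplification rule testable. Nit: "The Probe Request or Indication that are used" should read "that is used".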
6. STUN Attributes
6.1. IDENTIFIERS
The IDENTIFIERS attribute carries a chronologically ordered list of
UDP packet identifiers. Each protocol has to define how these
identifiers are acquired and formatted, therefore the contents of the
IDENTIFIERS attribute is opaque.
6.2. PMTUD-SUPPORTED
The PMTUD-SUPPORTED attribute indicates that its sender supports this
specification. This attribute is empty.
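Review bot: the new Section 6.1 says the IDENTIFIERS list is "chronologically ordered" without fixing the direction (oldest identifier first or newest first). A receiver that matches the list against what it sent needs that stated once, here, rather than left to each usage. Nit: "the contents of the IDENTIFIERS attribute is opaque" should be "are opaque".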
7. Security Considerations 7. Security Considerations
The PMTUD mechanism described in this document does not introduce any The PMTUD mechanism described in this document does not introduce any
specific security considerations beyond those described in [RFC4821]. specific security considerations beyond those described in [RFC4821].
The attack described in [RFC4821] applies equally to the mechanism The attacks described in Section 11 of [RFC4821] apply equally to the
described in this document. mechanism described in this document.
The Simple Probing mechanism may be used without authentication
because this usage by itself cannot trigger an amplification attack
because the Probe Response is smaller than the Probe Request. An
unauthenticated Simple Probing mechanism cannot be used in
conjunction with the Implicit Probing Support Signaling mechanism in
order to prevent amplification attacks.
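Review bot: the last sentence of the added Security Considerations paragraph is ambiguous and non-normative. "cannot be used in conjunction with the Implicit Probing Support Signaling mechanism in order to prevent amplification attacks" can be read as saying the combination fails to prevent attacks, when the intent (per the MUST in Section 5.2) is a prohibition. Suggest "An unauthenticated Simple Probing mechanism MUST NOT be used in conjunction with the Implicit Probe Support Signaling mechanism, because that combination could be used for amplification." The section title in 5.2 is "Implicit Probe Support Signaling Mechanism", so "Implicit Probing Support" here should match it. The first sentence also stacks two "because" clauses and would read better split in two.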
8. IANA Considerations 8. IANA Considerations
This specification defines two new STUN method and two new STUN This specification defines two new STUN methods and two new STUN
attributes. IANA added these new protocol elements to the "STUN attributes. IANA added these new protocol elements to the "STUN
Parameters Registry" created by [RFC5389]. Parameters Registry" created by [RFC5389].
8.1. New STUN Methods 8.1. New STUN Methods
This section lists the codepoints for the new STUN methods defined in This section lists the codepoints for the new STUN methods defined in
this specification. See Sections Section 4 and Section 5 for the this specification. See Sections Section 4.1 and Section 4.2 for the
semantics of these new methods. semantics of these new methods.
0xXXX : Probe 0xXXX : Probe
0xXXX : Report 0xXXX : Report
8.2. New STUN Attributes 8.2. New STUN Attributes
This document defines the IDENTIFIERS STUN attribute, described in This document defines the IDENTIFIERS STUN attribute, described in
Section 5. IANA has allocated the comprehension-required codepoint Section 6.1. IANA has allocated the comprehension-required codepoint
0xXXXX for this attribute. 0xXXXX for this attribute.
This document also defines the PMTUD-SUPPORTED STUN attribute, This document also defines the PMTUD-SUPPORTED STUN attribute,
described in Section 6. IANA has allocated the comprehension- described in Section 6.2. IANA has allocated the comprehension-
optional codepoint 0xXXXX for this attribute. optional codepoint 0xXXXX for this attribute.
9. Acknowledgements 9. References
Thanks to Eilon Yardeni, Geir Sandbakken and Paal-Erik Martinsen for
their review comments, suggestions and questions that helped to
improve this document.
Special thanks to Dan Wing, who supported this document since its
first publication back in 2008.
10. References 9.1. Normative References
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU
Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007, Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007,
<http://www.rfc-editor.org/info/rfc4821>. <http://www.rfc-editor.org/info/rfc4821>.
[RFC5245] Rosenberg, J., "Interactive Connectivity Establishment
(ICE): A Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols", RFC 5245,
DOI 10.17487/RFC5245, April 2010,
<http://www.rfc-editor.org/info/rfc5245>.
[RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing,
"Session Traversal Utilities for NAT (STUN)", RFC 5389, "Session Traversal Utilities for NAT (STUN)", RFC 5389,
DOI 10.17487/RFC5389, October 2008, DOI 10.17487/RFC5389, October 2008,
<http://www.rfc-editor.org/info/rfc5389>. <http://www.rfc-editor.org/info/rfc5389>.
10.2. Informative References 9.2. Informative References
[I-D.martinsen-tram-stuntrace] [I-D.martinsen-tram-stuntrace]
Martinsen, P. and D. Wing, "STUN Traceroute", draft- Martinsen, P. and D. Wing, "STUN Traceroute", draft-
martinsen-tram-stuntrace-01 (work in progress), June 2015. martinsen-tram-stuntrace-01 (work in progress), June 2015.
[I-D.martinsen-tram-turnbandwidthprobe] [I-D.martinsen-tram-turnbandwidthprobe]
Martinsen, P., Andersen, T., Salgueiro, G., and M. Petit- Martinsen, P., Andersen, T., Salgueiro, G., and M. Petit-
Huguenin, "Traversal Using Relays around NAT (TURN) Huguenin, "Traversal Using Relays around NAT (TURN)
Bandwidth Probe", draft-martinsen-tram- Bandwidth Probe", draft-martinsen-tram-
turnbandwidthprobe-00 (work in progress), May 2015. turnbandwidthprobe-00 (work in progress), May 2015.
[RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model
with Session Description Protocol (SDP)", RFC 3264,
DOI 10.17487/RFC3264, June 2002,
<http://www.rfc-editor.org/info/rfc3264>.
[RFC5780] MacDonald, D. and B. Lowekamp, "NAT Behavior Discovery [RFC5780] MacDonald, D. and B. Lowekamp, "NAT Behavior Discovery
Using Session Traversal Utilities for NAT (STUN)", Using Session Traversal Utilities for NAT (STUN)",
RFC 5780, DOI 10.17487/RFC5780, May 2010, RFC 5780, DOI 10.17487/RFC5780, May 2010,
<http://www.rfc-editor.org/info/rfc5780>. <http://www.rfc-editor.org/info/rfc5780>.
Appendix A. Release Notes Appendix A. Release Notes
This section must be removed before publication as an RFC. This section must be removed before publication as an RFC.
A.1. Modifications between draft-ietf-tram-stun-pmtud-02 and draft- A.1. Modifications between draft-ietf-tram-stun-pmtud-03 and draft-
ietf-tram-stun-pmtud-02
o Add new Overview of Operations secion with ladder diagrams.
o Authentication is mandatory for the Complete Probing mechanism,
optional for the Simple Probing mechanism.
o All the ICE specific text moves to a separate draft to be
discussed in the ICE WG.
o The TURN usage is removed because probing between a TURN server
and TURN client is not useful.
o Any usage of PMTUD-SUPPORTED or other signaling mechanisms
(formerly knows as discovery mechanisms) must now be
authenticated.
o Both probing mechanisms are MTI in the server, the complete
probing mechanism is MTI in the client.
o Make clear that stopping after 3 retransmission is done by
changing the STUN parameter.
o Define the format of the attributes.
o Make clear that the specification is for any UDP protocol that
does not already have PMTUD capabilities, not just STUN based
protocols.
o Change the default delay to send the Report Request to 250 ms
after the last Indication if the RTO is unknown.
o Each usage of this specification must the format of the
IDENTIFIERS attribute contents.
o Better define the implicit signaling mechanism.
o Extend the Security Consideration section.
o Tons of nits.
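Review bot: the new A.1 list has a bullet with its verb missing, "Each usage of this specification must the format of the IDENTIFIERS attribute contents", which presumably should read "must define the format". Other nits in the same list: "secion" should be "section", "formerly knows as" should be "formerly known as", and "3 retransmission" should be "3 retransmissions". The bullet "Any usage of PMTUD-SUPPORTED or other signaling mechanisms ... must now be authenticated" is stronger than the Section 5.1 text, which only offers authentication as an example ("For example, using authentication can ensure this"); one of the two should be aligned with the other.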
A.2. Modifications between draft-ietf-tram-stun-pmtud-02 and draft-
ietf-tram-stun-pmtud-01 ietf-tram-stun-pmtud-01
o Cleaned up references. o Cleaned up references.
A.2. Modifications between draft-ietf-tram-stun-pmtud-01 and draft- A.3. Modifications between draft-ietf-tram-stun-pmtud-01 and draft-
ietf-tram-stun-pmtud-00 ietf-tram-stun-pmtud-00
o Added Security Considerations Section. o Added Security Considerations Section.
o Added IANA Considerations Section. o Added IANA Considerations Section.
A.3. Modifications between draft-ietf-tram-stun-pmtud-00 and draft- A.4. Modifications between draft-ietf-tram-stun-pmtud-00 and draft-
petithuguenin-tram-stun-pmtud-01 petithuguenin-tram-stun-pmtud-01
o Adopted by WG - Text unchanged. o Adopted by WG - Text unchanged.
A.4. Modifications between draft-petithuguenin-tram-stun-pmtud-01 and A.5. Modifications between draft-petithuguenin-tram-stun-pmtud-01 and
draft-petithuguenin-tram-stun-pmtud-00 draft-petithuguenin-tram-stun-pmtud-00
o Moved some Introduction text to the Probing Mechanism section. o Moved some Introduction text to the Probing Mechanism section.
o Added cross-reference to the other two STUN troubleshooting o Added cross-reference to the other two STUN troubleshooting
mechanism drafts. mechanism drafts.
o Updated references. o Updated references.
o Added Gonzalo Salgueiro as co-author. o Added Gonzalo Salgueiro as co-author.
A.5. Modifications between draft-petithuguenin-tram-stun-pmtud-00 and A.6. Modifications between draft-petithuguenin-tram-stun-pmtud-00 and
draft-petithuguenin-behave-stun-pmtud-03 draft-petithuguenin-behave-stun-pmtud-03
o General refresh for republication. o General refresh for republication.
A.6. Modifications between draft-petithuguenin-behave-stun-pmtud-03 and A.7. Modifications between draft-petithuguenin-behave-stun-pmtud-03 and
draft-petithuguenin-behave-stun-pmtud-02 draft-petithuguenin-behave-stun-pmtud-02
o Changed author address. o Changed author address.
o Changed the IPR to trust200902. o Changed the IPR to trust200902.
A.7. Modifications between draft-petithuguenin-behave-stun-pmtud-02 and A.8. Modifications between draft-petithuguenin-behave-stun-pmtud-02 and
draft-petithuguenin-behave-stun-pmtud-01 draft-petithuguenin-behave-stun-pmtud-01
o Replaced the transactions identifiers by packet identifiers
o Defined checksum and sequential numbers as possible packet o Defined checksum and sequential numbers as possible packet
identifiers. identifiers.
o Updated the reference to RFC 5389 o Updated the reference to RFC 5389
o The FINGERPRINT attribute is now mandatory. o The FINGERPRINT attribute is now mandatory.
o Changed the delay between Probe indication and Report request to o Changed the delay between Probe indication and Report request to
be RTO/2 or 50 milliseconds. be RTO/2 or 50 milliseconds.
o Added ICMP packet processing. o Added ICMP packet processing.
o Added Full-Stop Timeout detection. o Added Full-Stop Timeout detection.
o Stated that Binding request with PMTUD-SUPPORTED does not start o Stated that Binding request with PMTUD-SUPPORTED does not start
the PMTUD process if already started. the PMTUD process if already started.
A.8. Modifications between draft-petithuguenin-behave-stun-pmtud-01 and A.9. Modifications between draft-petithuguenin-behave-stun-pmtud-01 and
draft-petithuguenin-behave-stun-pmtud-00 draft-petithuguenin-behave-stun-pmtud-00
o Removed the use of modified STUN transaction but shorten the o Removed the use of modified STUN transaction but shorten the
retransmission for the simple probing mechanism. retransmission for the simple probing mechanism.
o Added a complete probing mechanism. o Added a complete probing mechanism.
o Removed the PADDING-RECEIVED attribute. o Removed the PADDING-RECEIVED attribute.
o Added release notes. o Added release notes.
Acknowledgements
Thanks to Eilon Yardeni, Geir Sandbakken, Paal-Erik Martinsen,
Tirumaleswar Reddy, and Ram Mohan R for their review comments,
suggestions and questions that helped to improve this document.
Special thanks to Dan Wing, who supported this document since its
first publication back in 2008.
Authors' Addresses Authors' Addresses
Marc Petit-Huguenin Marc Petit-Huguenin
Impedance Mismatch Impedance Mismatch
Email: marc@petit-huguenin.org Email: marc@petit-huguenin.org
Gonzalo Salgueiro Gonzalo Salgueiro
Cisco Systems, Inc. Cisco Systems, Inc.
7200-12 Kit Creek Road 7200-12 Kit Creek Road
 End of changes. 78 change blocks. 
196 lines changed or deleted 372 lines changed or added
